Some clarification here too.   If an institution wants to run some "Blue Team" exercises here, like UVU did when we were there, I think this is fully valid.  But we run into this little "problem", at all institutions, where things start to leak.  Sometimes it's the local liaison, sometimes it's us just chumming around (I've done this myself), but obviously the less this leaks ahead of time, the better, and more realistic our "Persistent Threat" scenario will be.  For the sake of keeping all of UEN's address space blacklisted and firewalled, I would suggest we keep these activities mainly restricted to the address space at Dixie where our virtual boxes are kept.  If one or all of them get blocked, that is a finding in itself, but it will be easier to coordinate any unblocking of those addresses for the audit, with the local Security Officer.

Are there any strong opinions about that, or is it just silly?